Thanks Colm, I did what you suggested. The updated policy looks like
Now using SOAP UI when I test (without any 'Incoming WSS'), I get back response in which body content is encrypted. The response I get back from apache cxf looks like But now when I specify the 'Incoming WSS' which should enable SOAP UI to decrypt the response message, it simply gives an error So I am not sure if it is a SOAP UI issue or data being returned is not encrypted/signed properly. Looking at the verbose logs on the server side, there are no error/warnings. Do I need to enable 'RecipientEncryptionToken' as well. I already tried including this, but this results error on the server side during the response policy verification, as apache cxf is not able to generate this token in the response. Thanks again for your help. -- View this message in context: http://cxf.547215.n5.nabble.com/Response-not-getting-encrypted-tp5753247p5753444.html Sent from the cxf-user mailing list archive at Nabble.com.
